Hybrid Cryptoschemes and Public Key Authentication

Alessandro Barenghi
Dipartimento di Elettronica, Informazione e Bioingegneria (DEI), Politecnico di Milano
alessandro.barenghi - at - polimi.it
G. Pelosi, A. Barenghi (DEI) Hybrid Cryptoschemes and Public Key Authentication 1 / 47

Overview: lesson contents
- Hybrid Cryptosystems
- Digital Certificates
- The Web of Trust model

Communication security: the trivial solution
- Alice and Bob want to have a confidential, authenticated communication.
- Trivial solution: they meet in person and exchange a secret key k.
- From the meeting on, they use a symmetric cipher to encrypt their communications.
- Confidentiality is achieved, and authentication is implicit from the secrecy of the symmetric key.
- This was the only solution possible up to 1976, as only symmetric ciphers were available.

Communication security: does it scale?
- Problem 1: to communicate with n people, Alice needs to know/store n separate keys: key storage is an issue.
- Problem 2: to communicate with someone, Alice needs to meet him/her in person once, or to have a secure communication channel.
- Solution: Alice generates an asymmetric keypair (k_pub^A, k_pri^A) and makes k_pub^A available; Bob does the same, generating (k_pub^B, k_pri^B).
- To communicate with Bob, Alice signs the message with k_pri^A and encrypts it with k_pub^B.
Efficiency issues: hybrid cryptosystems
- Asymmetric ciphers are slow (≈ 100 kiB/s on a desktop): encryption and signature of large messages are impractical.
- Build a hybrid cryptosystem using multiple cryptographic primitives.
- Encryption: Alice generates a random symmetric key k, encrypts the message with it, and encrypts k with k_pub^B.
- Decryption: Bob decrypts k using k_pri^B and uses it to decrypt the message, after which he may discard k.
- Signature: Alice should sign something smaller than the whole message, yet uniquely bound to it in some way.
- Solving the efficient signature problem requires a new cryptographic primitive, the cryptographic hash.

Cryptographic hash: a non-encrypting cryptographic primitive
- A hash is a deterministic function from an arbitrary-length message m to a fixed-length output h = H(m).
- It is practically used to obtain a fixed-length "label" h for a digital object.
- The same value of h may be the hash of different messages (there is no such thing as a bijective arbitrary-size → fixed-size compression).
- For a cryptographic hash it should not be practically feasible to:
  1. Given h, find an m such that H(m) = h (1st preimage)
  2. Given a message m, find m' ≠ m such that H(m') = H(m) (2nd preimage)
  3. Find two messages m', m'' such that H(m') = H(m'') (collision)
- Note that 1st preimage ⇒ 2nd preimage ⇒ collision: an attack that solves an earlier problem in the list also solves the later ones.
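The hybrid scheme described in the two slides above (random symmetric key for the bulk data, asymmetric cipher only for the key, signature only over a hash), written out as an added Go example. This is not code from the lecture: the choice of RSA-OAEP for wrapping k, AES-256-GCM for the message, and RSA-PSS over a SHA-256 digest are this example's assumptions, as is the HybridMessage container; the input message is constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// HybridMessage is what Alice sends to Bob (container defined for this example).
type HybridMessage struct {
	WrappedKey []byte // random key k encrypted with RSA-OAEP under k_pub^B
	Nonce      []byte // AES-GCM nonce, sent in clear
	Ciphertext []byte // the message encrypted with k (GCM tag appended)
	Signature  []byte // RSA-PSS with k_pri^A over SHA-256(Nonce || Ciphertext)
}

// signedDigest is the short, fixed-size value Alice actually signs: a hash
// uniquely bound to the (nonce, ciphertext) pair, instead of the whole message.
func signedDigest(nonce, ct []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(ct)
	return h.Sum(nil)
}

func hybridGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// hybridSeal is Alice's side: encrypt with a fresh k, wrap k for Bob, sign the digest.
func hybridSeal(msg []byte, alicePriv *rsa.PrivateKey, bobPub *rsa.PublicKey) (*HybridMessage, error) {
	k := make([]byte, 32) // fresh AES-256 key; Alice forgets it after use
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	gcm, err := hybridGCM(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, k, nil) // only k goes through RSA
	if err != nil {
		return nil, err
	}
	sig, err := rsa.SignPSS(rand.Reader, alicePriv, crypto.SHA256, signedDigest(nonce, ct), nil)
	if err != nil {
		return nil, err
	}
	return &HybridMessage{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// hybridOpen is Bob's side: check Alice's signature first, then unwrap k and decrypt.
func hybridOpen(hm *HybridMessage, bobPriv *rsa.PrivateKey, alicePub *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(alicePub, crypto.SHA256, signedDigest(hm.Nonce, hm.Ciphertext), hm.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify under Alice's public key")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPriv, hm.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := hybridGCM(k)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, hm.Nonce, hm.Ciphertext, nil) // GCM tag check also detects tampering
}

func main() {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := bytes.Repeat([]byte("constructed bulk payload "), 4096) // ~100 KiB, constructed input
	hm, err := hybridSeal(msg, alice, &bob.PublicKey)
	if err != nil {
		panic(err)
	}
	pt, err := hybridOpen(hm, bob, &alice.PublicKey)
	fmt.Printf("recovered=%v err=%v wrapped key=%d B signature=%d B for %d B of data\n",
		bytes.Equal(pt, msg), err, len(hm.WrappedKey), len(hm.Signature), len(msg))
}
```

Whatever the size of the message, the asymmetric operations only ever touch 32 bytes of key and a 32-byte digest, which is the whole point of the hybrid construction; verifying the signature before decrypting keeps Bob from processing data that is not from Alice.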
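The three hash properties listed above differ in how hard they are to break, and the gap is what the later slide on MD5-signed certificates relies on. The added Go example below (not from the lecture) makes the gap measurable by truncating SHA-256 to a small number of bits, an assumption made purely so the searches finish in milliseconds: a birthday search finds a collision after roughly 2^(n/2) hash evaluations, while a second-preimage search against a given message needs roughly 2^n.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// truncHash keeps only the leading `bits` bits of SHA-256(m) (1 <= bits <= 64).
// Truncation is a teaching device for this example; real hashes are used whole.
func truncHash(m []byte, bits uint) uint64 {
	sum := sha256.Sum256(m)
	return binary.BigEndian.Uint64(sum[:8]) >> (64 - bits)
}

// findCollision looks for m' != m'' with H(m') == H(m'') by hashing a counter
// until an output repeats (birthday search). It returns both messages and the
// number of hash evaluations spent.
func findCollision(bits uint) (m1, m2 []byte, tries int) {
	seen := make(map[uint64][]byte)
	for i := 0; ; i++ {
		m := []byte(fmt.Sprintf("msg-%d", i))
		h := truncHash(m, bits)
		if prev, ok := seen[h]; ok {
			return prev, m, i + 1
		}
		seen[h] = m
	}
}

// findSecondPreimage is given a fixed m and must hit its exact hash value;
// nothing can be reused between attempts, so the expected cost is ~2^bits.
func findSecondPreimage(m []byte, bits uint) (m2 []byte, tries int) {
	target := truncHash(m, bits)
	for i := 0; ; i++ {
		c := []byte(fmt.Sprintf("alt-%d", i)) // "alt-" prefix guarantees c != m
		if truncHash(c, bits) == target {
			return c, i + 1
		}
	}
}

func main() {
	const bits = 18
	m1, m2, ct := findCollision(bits)
	fmt.Printf("collision   : %q %q after %d hashes (expected ~2^%d = %d)\n", m1, m2, ct, bits/2, 1<<(bits/2))
	target := []byte("msg-0") // constructed fixed message
	p, pt := findSecondPreimage(target, bits)
	fmt.Printf("2nd preimage: %q for %q after %d hashes (expected ~2^%d = %d)\n", p, target, pt, bits, 1<<bits)
}
```

The same 2^(n/2) versus 2^n gap is why a signature over a hash is only as strong as the hash's collision resistance, the weakest of the three properties: a signer who lets the other party choose the content (as a CA does for the certificate request) is exposed to collisions, not merely to preimages.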
One last(ing) issue: public key authentication
- Hybrid cryptoschemes allow efficient, confidential communication.
- Crucial assumption: Alice and Bob are employing each other's public key to send the messages.
- If no measures are taken, it is easy to perform an impersonation attack on public key cryptosystems.
- We need some form of digital certificate of authenticity of public keys.
- We will see solutions to this issue, and the infrastructures built to manage their lifecycle (certificate issuing, use, revocation, expiration).

Digital certificates: what are digital certificates?
- Digital certificates are designed mimicking an actual paper certificate for the information we want to authenticate.
- Our purpose is to authenticate the binding of a public key to the identity of someone/some company.
- The format of standardised digital certificates is defined through a formal language, Abstract Syntax Notation One (ASN.1).
- The contents of a digital certificate and their semantic values are specified employing ASN.1 in the X.509 standard by ITU-T (International Telecommunication Union).
- Certificate signatures are produced by signing the output of a cryptographic hash with an asymmetric primitive.

Digital certificates: contents
The X.509 standard mandates that the certificate for the digital signature contain the following information:
- Version and Serial Number: used to identify the certificate and specify the accepted extensions.
- Subject: the person or entity to which the key belongs.
- Issuer: the entity that verified the information and issued the certificate.
- Valid-From/Valid-To: the validity period of the certificate.
- Key-Usage: purpose of the public key (e.g. encryption, signature verification on data, signature verification on certificates, ...).
- Public Key: the public key to be bound to the subject.
- Signature Algorithm: the algorithm used to sign the hash of the certificate, and the hash algorithm.
- Signature: the actual signature of the hash of the certificate.

Digital certificates: format
- Digital certificates are commonly exchanged as files.
- Most common encoding: the Distinguished Encoding Rules (DER, ITU X.690) specify a binary encoding format for the certificate.
- DER encoding includes non-printable characters.
- The DER-encoded certificate may be encoded in Base64, yielding data that can be copy-pasted easily (common file extension: PEM).
- Parsing certificates should be done carefully: string fields may also contain non-printable characters (strings are stored as length + content).

Digital certificates: how is it signed?
- The signature is performed by hashing part of the certificate and signing the digest, as per RFC 5280.
- The parts of the certificate which must be signed include:
  - Version and Serial Number
  - Subject, Issuer and validity dates
  - The public key to be certified
  - Some of the certificate extensions (e.g. key usage)
- The signature process takes as input the aforementioned fields, encoded in DER in order, hashes them and signs the hash with k_pri^Issuer.
- RFC 5280 specifies that either OS2IP (a custom sequence of bytewise additions!) or PKCS1 standard hashing must be used.
- In practice, PKCS1 is the most common choice, since it mandates the use of a cryptographically strong hash.

Digital certificates: certificate inspection
- Inspecting X.509 certificates manually requires a pretty-printer.
- Modern browsers include a summary pretty-printer.
- The openssl library client performs pretty-printing if used as: openssl x509 -inform DER -in <cert.der> -noout -text
- A decoder for DER files can be found at http://lapo.it/asn1js/
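To make the "length + content" point of the format slide concrete, here is an added Go example (not from the lecture) that walks the tag-length-value elements of a small hand-built DER structure and wraps it in PEM. The sample bytes are constructed for this example, a SEQUENCE holding an INTEGER and a UTF8String with an embedded NUL byte; a real certificate is the same TLV shape nested more deeply. The parser handles short- and long-form lengths, rejects non-minimal (BER) lengths, and refuses any element whose declared length overruns the buffer, the class of mistake careless certificate parsers make.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
)

// derSample is a constructed DER SEQUENCE { INTEGER 0x1234, UTF8String "Alice\x00Corp" }.
var derSample = []byte{
	0x30, 0x10, // SEQUENCE, length 16
	0x02, 0x02, 0x12, 0x34, // INTEGER, length 2
	0x0c, 0x0a, 'A', 'l', 'i', 'c', 'e', 0x00, 'C', 'o', 'r', 'p', // UTF8String, length 10, NUL inside
}

type derTLV struct {
	Tag   byte
	Value []byte
	Next  int // offset of the element that follows this one
}

// derReadTLV decodes one tag-length-value element starting at offset off.
func derReadTLV(b []byte, off int) (derTLV, error) {
	if off+2 > len(b) {
		return derTLV{}, errors.New("truncated: no room for tag and length")
	}
	tag := b[off]
	if tag&0x1f == 0x1f {
		return derTLV{}, errors.New("multi-byte tag numbers not handled in this example")
	}
	l := int(b[off+1])
	pos := off + 2
	if l&0x80 != 0 { // long form: low 7 bits give the number of length octets
		n := l & 0x7f
		if n == 0 || n > 4 || pos+n > len(b) {
			return derTLV{}, errors.New("bad long-form length")
		}
		if b[pos] == 0 {
			return derTLV{}, errors.New("non-minimal length encoding: BER, not DER")
		}
		l = 0
		for i := 0; i < n; i++ {
			l = l<<8 | int(b[pos+i])
		}
		if l < 0x80 {
			return derTLV{}, errors.New("non-minimal length encoding: BER, not DER")
		}
		pos += n
	}
	if pos+l > len(b) { // the declared length is attacker-controlled data: bound it
		return derTLV{}, fmt.Errorf("length %d overruns buffer (%d bytes left)", l, len(b)-pos)
	}
	return derTLV{Tag: tag, Value: b[pos : pos+l], Next: pos + l}, nil
}

// derChildren walks the elements contained in a constructed element's value.
func derChildren(v []byte) ([]derTLV, error) {
	var out []derTLV
	for off := 0; off < len(v); {
		el, err := derReadTLV(v, off)
		if err != nil {
			return nil, err
		}
		out = append(out, el)
		off = el.Next
	}
	return out, nil
}

// derIsPrintable reports whether every byte is printable ASCII. A DER string
// carries its length explicitly, so a NUL inside it is legal and must not be
// treated as a C-style terminator.
func derIsPrintable(s []byte) bool {
	for _, c := range s {
		if c < 0x20 || c > 0x7e {
			return false
		}
	}
	return true
}

// derToPEM / pemToDER: the Base64 wrapping used by PEM files.
func derToPEM(der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func pemToDER(p []byte) ([]byte, error) {
	blk, _ := pem.Decode(p)
	if blk == nil {
		return nil, errors.New("no PEM block found")
	}
	return blk.Bytes, nil
}

func main() {
	outer, err := derReadTLV(derSample, 0)
	if err != nil {
		panic(err)
	}
	kids, err := derChildren(outer.Value)
	if err != nil {
		panic(err)
	}
	for _, k := range kids {
		fmt.Printf("tag 0x%02x len %2d printable=%v value=%q\n", k.Tag, len(k.Value), derIsPrintable(k.Value), k.Value)
	}
	fmt.Print(string(derToPEM(derSample)))
	_, err = derReadTLV(derSample[:10], 0)
	fmt.Println("truncated input:", err)
}
```

Pretty-printers such as openssl x509 -text or asn1js do exactly this walk over the whole certificate; the two checks that matter for safety are that a length never reaches past the buffer and that string contents are displayed by length rather than up to the first NUL.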
Digital certificates: possible issues
- The signature is reliable iff the employed hash is collision-resistant and the signature algorithm is not broken.
- One of the most common choices for the hash was MD5.
- Today, computing a collision for MD5 takes ≈ 10 s on this laptop.
- Given a message m1, you can derive a colliding message of the form m2 = m1 || pad, where pad is a properly chosen 64 B string.
- Certificates signed with MD5 can be forged by taking a valid certificate, changing the desired values, and stuffing the pad as the comment field in the certificate extensions (the last part to be fed to MD5).
- More of this to come in the lesson on cryptographic hashes.

Practical key sizes: a brief primer on security margins
- A proper security margin is ensured by choosing a large enough keyspace for all the ciphers involved.
- The table is obtained from the estimates at www.keylength.com by both academia and national standard bodies.

Safe secret/private key length [b]
Safe up to (year)     RSA     ECDSA   DSA (key/group)   AES equiv.
1986                  512     111     122/515           60
2010                  1024    144     144/1024          80
2030                  2048    224     224/2048          112
2060                  4440    256     256/4440          128
Foreseeable future    26268   512     512/26268         256

Digital certificates: who signs the certificates?
- "Someone trusted" signs the certificate, vouching for its authenticity.
- To provide this trusted entity, three solutions have been proposed:
  - PKI, Public Key Infrastructure: a centralized, tree-structured architecture of entities which sign the certificates of their subsidiaries. The root authorities are implicitly trusted.
  - WoT, Web of Trust: a distributed architecture relying on the "small world assumption", where everyone can sign certificates. The trust in the authenticity of a certificate is established depending on the trust in the authenticity of its signers.

PKI infrastructure: roles
- Certification Authority (CA): an entity (typically a firm) which takes care of signing the certificates, and distributes its public key to all the users in a trusted manner.
- Registration Authority (RA): an entity (again, usually a firm) which takes care of verifying the actual authenticity of a certificate, gathering data on the user (physically checking his/her identity and the certificate hash). Very often, it coincides with the CA.
- User: asks the CA to sign his certificate, or employs the CA public keys to verify the authenticity of the certificates of another user.
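The PKI roles above (a CA signing with k_pri^Issuer, a user verifying with the CA public key) together with the signing, validity and weak-hash points of the earlier certificate slides, as one added Go example that is not part of the lecture. It builds a self-signed root, issues a leaf certificate for a subject, and then performs the user-side checks: parse the DER, refuse certificates signed with broken hashes such as MD5 (the forgery the slides describe), check the validity window, match the issuer name, and verify the issuer's signature. The names, serial numbers, validity periods and the "acts as its own RA" shortcut are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makeRootCA builds the self-signed root that the CA distributes to every user.
func makeRootCA() (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed value
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // "signature verification on certificates"
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf is the CA (acting as its own RA here) binding a subject name to the
// subject's public key: the to-be-signed fields are DER-encoded, hashed and
// signed with k_pri^Issuer inside CreateCertificate.
func issueLeaf(ca *x509.Certificate, caKey *rsa.PrivateKey, subject string, pub *rsa.PublicKey) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), // constructed value
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
}

// verifyLeaf is the user's side: every check a relying party should run before
// trusting the public key inside the certificate.
func verifyLeaf(der []byte, ca *x509.Certificate, now time.Time) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	switch cert.SignatureAlgorithm { // a signature over a collision-prone hash proves nothing
	case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		return nil, fmt.Errorf("refusing certificate signed with a broken hash: %v", cert.SignatureAlgorithm)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return nil, errors.New("certificate outside its validity period")
	}
	if cert.Issuer.String() != ca.Subject.String() {
		return nil, errors.New("issuer name does not match the CA certificate")
	}
	if err := cert.CheckSignatureFrom(ca); err != nil { // hash the TBS part, verify with k_pub^Issuer
		return nil, fmt.Errorf("issuer signature invalid: %w", err)
	}
	return cert, nil
}

func main() {
	ca, caKey, err := makeRootCA()
	if err != nil {
		panic(err)
	}
	userKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der, err := issueLeaf(ca, caKey, "alice.example", &userKey.PublicKey)
	if err != nil {
		panic(err)
	}
	cert, err := verifyLeaf(der, ca, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Printf("subject=%q issuer=%q serial=%v alg=%v\n",
		cert.Subject.CommonName, cert.Issuer.CommonName, cert.SerialNumber, cert.SignatureAlgorithm)
	fmt.Print(string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))) // PEM form of the DER
}
```

The PEM text printed at the end can be fed to openssl x509 -noout -text for inspection. CheckSignatureFrom also enforces that the parent is marked as a CA and carries the certificate-signing key usage, which is why makeRootCA sets both; a leaf certificate used as issuer would be rejected even with a correct signature.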